Complying with NFPA 110 in mission critical facilities
Design engineers must consider the implications of combining emergency, legally required, and optional standby systems to ensure code compliance, maintainability, and economics.
- Interpret the requirements of NFPA 110 and NFPA 70.
- Describe how to design mission critical facilities to meet these NFPA requirements.
- Identify potential alternative designs to meet the intent of NFPA 110.
Design engineers have many factors to consider when designing a backup system for a facility. Safety, maintainability, code compliance, and economics play crucial roles in determining the topology of a backup system for a critical facility. In large facilities where electrical system downtime results in significant economic loss, a backup power system usually is employed. Owners frequently desire to use their backup systems to support their emergency and legally required standby loads. Due to the requirements of NFPA 110-2013: Standard for Emergency and Standby Power Systems, and NFPA 70-2014: National Electrical Code (NEC), the design engineer must carefully consider the implications of combining emergency, legally required, and optional standby systems to ensure code compliance with maintainability and economics in mind.
NFPA 110 provides requirements, but is not meant to be a design guide. The annexes provide example topologies that meet the intent of the standard, but these examples do not address the complexities of designing a system for a large facility with multiple system types.
NFPA 110 defines terms used throughout this article. NFPA 110-3.3.3 defines the electrical power source for the emergency power system as the emergency power supply (EPS). This includes the actual generator, turbine, or other source producing the power used by the system. NFPA 110-3.3.4 defines the emergency power supply system (EPSS) as the distribution system from the EPS to the load terminals of the transfer equipment. NFPA 110-4.4 defines two levels of EPSSs. Level 1 is defined as “where failure of the equipment to perform could result in loss of human life or serious injuries.” Level 2 is defined as “where failure of the EPSS to perform is less critical to human life and safety.” There are numerous articles that further discuss the code requirements and implications of NFPA 110 and its relationship with other codes. As such, this article does not focus on the details of NFPA 110 definitions. Instead, it concentrates on ways to meet NFPA 110 and 70 while providing the owner with a system that meets expectations.
Major challenges to meeting NFPA 110
The first major challenge to meeting the requirements of NFPA 110 is properly defining system levels. This requires careful evaluation of the loads you are serving and coordination with your authority having jurisdiction (AHJ). According to Annex A.4.4.1, “Level 1 systems are intended to automatically supply illumination or power, or both, to critical areas and equipment … Essential electrical systems can provide power for the following essential functions: life safety illumination, fire detection and alarm systems, elevators, fire pumps, public safety communications systems, industrial processes where current interruption would produce serious life safety or health hazards, and essential ventilating and smoke removal systems.” Some jurisdictions have interpreted the text of this annex to mean that any electrical system that includes these types of loads is a Level 1 system.
The next significant challenge to meeting NFPA 110 is fuel storage requirements. According to Annex A.4.2, 96 hr of fuel may be required in certain seismic zones. In summary, “Where the seismic design category is C, D, E, or F, as determined in accordance with ASCE/SEI 7: Minimum Design Loads for Buildings and Other Structures, the EPS supplying a Level 1 EPSS should be capable of a minimum 96 hr of operation without refueling if it is determined that EPS operation is necessary for this period.” This is a change from the 2010 standard where the 96-hr fuel requirement was called out explicitly in the body of NFPA 110. Some jurisdictions have interpreted this as a requirement to provide 96 hr of fuel any time you have a Level 1 system in a high seismic zone.
In addition, Section 5.5.3 requires that the main fuel tank carry 133% of the fuel required to meet the class requirements of the EPSS. In other words, if you require 20,000 gal of fuel to run a large generator for 96 hr, you must actually store 26,600 gal of fuel. In a large facility with large generator sets, these two requirements can result in hundreds of thousands of gallons of fuel storage. In addition to the obvious cost and real estate issues with this requirement, fuel recirculation and stabilization quickly becomes an issue.
Another challenge to NFPA 110 compliance is serving the relatively small code-required loads in a mission critical facility such as a data center. A data center is certainly a major example of mission critical facilities that have spawned publications and organizations to support them, but there are other types of mission critical facilities. Other examples of mission critical systems are those that support research where the failure can result in millions of dollars of loss, or response centers where power failure could hinder the response of a company to a crisis. Based on NFPA definitions, mission critical loads are generally classified as optional standby loads. Despite the fact that these types of loads are not life safety loads, in the owner’s perception, they are no less critical to maintain. As such, the electrical distribution that supports them can be as robust, and many times are more robust than the Level 1 EPSS that supports life safety loads.
Finally, it can be challenging to economically scale NFPA 110 on a large system for a large system load. The examples given in Annex B of NFPA 110 are well-suited for applications lower than 600 Vac (see Figure 1). Large power systems are typically designed at system voltages of 12 kV and higher. Large loads will lead you toward system designs that include medium-voltage transfers. This may not meet the requirements of section 6.1.6, which states that only “medium-voltage transfer of central plant or mechanical equipment not including life safety, emergency, or critical branch loads shall be permitted.”
Approaches to NFPA 110 compliance
Approaches to complying with NFPA 110 and the NEC include involving the AHJ early, separating levels and loads, providing an equivalent system, or providing a separate utility service.
Early AHJ involvement: While it seems obvious, the most important step in complying with NFPA 110 is involving the AHJ early. Interpretations vary throughout the country, and it is far easier to work with your AHJ early in the design process to ensure you are meeting his or her requirements. With early AHJ involvement, you may be able to clarify where in the system he or she will allow transfers, or come to a common understanding of which loads will be characterized as Level 1 and Level 2 loads. No one wants to have equipment delivered only to find that they are not meeting the requirements of the local jurisdiction.
Separation of levels and loads: A straightforward technique for compliance with NEC and NFPA 110 is to separate the electrical distribution system from the EPS all the way to the loads. This technique has benefits and drawbacks to consider before implementation.
A major benefit to this compliance technique is its simplicity. By having one generator and associated EPSS designated the Level 1 life safety generator system, the engineer’s design intent is very clear to the owner, operations, and construction teams. This should make it easier to maintain the integrity of the system (see Figure 2). In addition, this allows the owner and engineer to limit any NFPA requirements for the Level 1 EPS and EPSS to only the life safety loads. Depending on the overall size of the system and the relative size of the Level 1 loads to the overall system size, this may result in reduced cost.
There is also a perceived benefit to having the systems separated due to the need to remove non-life safety loads from the generator plant first. If Level 1, Level 2, and other loads are on the same EPS, NFPA 110 requires the removal of lower-priority loads from the EPS in the event of an overload condition. While this is an important requirement from a life safety perspective, there is some concern that this may cause an outage in a Level 2 or mission critical system. Separating the EPSS systems prevents this from happening and allows the two systems to function completely independently.
Another benefit is creating greater operational flexibility for the standby system. By having the optional standby loads on an independent EPSS, the owner and operators understand that modifications can be made to that system without impacting the life safety system. This can be especially important for industrial and mission critical systems, where the loads on the optional standby system may be changed regularly.
While there are numerous benefits to separating the Level 1 and 2 EPSSs, there are also some drawbacks. The primary drawback is simple economics. By separating the loads, there is no ability to share generator capacity between the life safety and optional standby loads, which may result in the purchase of generator capacity that is stranded or runs idle. The additional capacity would result in upsized electrical components, cabling, breakers, etc., that can have a significant impact on the overall cost of the electrical distribution system.
Another drawback can be the need to provide separate spaces for Level 1 and Level 2 EPS equipment installed indoors based on NFPA 110-7.2.1. While most commercial and retail facilities have generators located outdoors, many industrial and mission critical facilities locate generators inside to support maintenance, operations, and sound ordinances. This NFPA 110 requirement can have a tremendous impact on how—and even if—a facility is able to be constructed.
Finally, an additional item to consider is having the Level 1 generator system backed up by the standby generator system. There is no code requirement indicating redundancy for a Level 1 generator. However, it would be unfortunate that in the unlikely event that the emergency generator fails to operate, the building loses emergency power while maintaining standby power. Backing up the emergency system with the standby system, therefore, seems like a good idea. Before implementing this as a solution, generator sizing and transfer controls should be considered. Start by asking these questions:
- Will the generator be increased in capacity to accept the additional load, or will a load-shedding scheme be implemented?
- If both systems operate, will the emergency loads remain on the emergency system, or will the standby system accept all the loads?
- If controls are implemented over a communication network, what happens if that network fails?
Provide an equivalent system: Section 1.4 states, “Nothing in this standard is intended to prevent the use of systems, methods, or devices of equivalent or superior quality, strength, fire resistance, effectiveness, durability, and safety to those prescribed by this standard.” You must prove equivalency. This is not about getting around the standard, but rather how to have an equivalent solution that is at least as reliable and meets the requirements of the client and AHJ.
The topologies that are commonly employed for smaller systems do not scale well on large systems. On a large scale, they are expensive to install, difficult to maintain, and coordinating motor-starting on a generator is complicated.
Figure 3 shows a system that provided an equivalent solution to an AHJ in one area of the country. In this case, the generating plant ties into the medium-voltage switchgear, and the medium-voltage breakers are configured as a transfer pair. When relays at either utility source alarm on undervoltage, both generator plants start, begin paralleling, and begin synchronizing to the utility. Then, if either utility source fails, the generating plant is ready to energize the load. If the utility fails, the generators will start normally with no synchronization and energize Level 1 loads within 10 sec. Proper redundancy is maintained by providing physical redundancy of code-required loads in the field with each redundant load fed off of different generator-paralleling gear. In this design, the redundant loads were already a part of the design and were not added to the design to ensure compliance with NFPA 110. To minimize the size of the generator plant, a load-shedding scheme is employed to shed loads that are not Level 1 or Level 2. Refer to Section 6.3 of NFPA 110 for additional information on deploying load shedding and Section 6.1.6 for additional information regarding transfer switch requirements and medium-voltage transfers. Another item to consider with large-scale synchronized systems is the time it takes to come online. Section 700.12 of the NEC requires emergency power to be available within 10 sec of the loss of utility. If this timing requirement cannot be demonstrated during testing, then the topology or the control system must be modified so that this requirement can be met.
To provide an equivalent system, additional design elements were added to meet the requirements of the AHJ. In addition to building the preferred sequence of operations into the controls, failure modes were also evaluated. During the design and review phase, breaker fail, generator fail-to-start, transfer pair failure, and other failure modes were evaluated. These failures affect the generator response and needed to be understood to ensure the generator system would respond appropriately to the abnormal operation of the distribution system. To specify and test the generator system, these failure modes were incorporated into the overall design, specified, and tested during the operational testing of the system. Testing the overall response of the electrical distribution system for both expected operation as well as maintenance and failure modes while under load, ensured proper operation of the system and provided the AHJ with evidence that an equivalent system had been constructed.
Provide a second utility service: A second utility service is allowed to serve both emergency and legally required standby loads per the NEC, Article 700.12(D) with AHJ approval. Additionally, second utility services that are allowed as the EPSS are not covered by NFPA 110.
A possible configuration using a second utility service is shown in Figure 4. In this case, a medium-voltage service acts as the normal power source, and a separate utility service acts as the standby power source. Because the second utility source serves only code-required loads, it can be significantly smaller than the primary utility service. Unlike generators, breaking up loads into blocks and sequencing them is far less critical. A robust utility service does not experience the voltage and frequency excursions that a generator does when a large block load is applied.
However, using a second service requires extra diligence on the part of the engineer. It is crucial to remember that the lives of people in and around a facility may depend on the reliable delivery of power to the emergency and legally required systems. Before using a second service, the engineer should obtain reliability statistics on the second service from the utility as well as a thorough understanding of the utility system. Separate services that have a common nearby substation, are at the end of a radial line, or share a common pathway such as common utility poles, must be avoided. And while not required, it is wise to provide battery-backed lighting systems for mandatory egress lighting. In the event of a grid failure, at least the building occupants are provided with a means to exit the building. As indicated in the NEC, this second service must be deemed reliable, and this method must be approved by the AHJ. The AHJ may still require critical systems, such as emergency lighting and fire alarms, to have a separate emergency backup.
There is no one-size-fits-all solution for designing a large-scale NFPA 110-compliant system. To meet the intent of the standard, the design engineer must first and foremost provide a system design that ensures the safety of the people who rely on the system. After that, there are many different items that must be considered by the design engineer and the owner to ensure the system is capable of meeting the needs of the owner as well as the intent of NFPA 110. Some items that should be considered are first cost, lifetime cost, ease of maintenance, constructability, and scalability. These concerns are similar for smaller facilities. But for mission critical or high-value production facilities, these concerns can become a bigger factor due to the standby system scale and requirements. There are many techniques available, such as those presented here, that can support a design engineer in delivering a standby system that meets the local building codes, the NEC, NFPA 110, and the owner’s expectations.
Brian Martin is the manager of the electrical department in the Portland, Ore., office of CH2M. He is a member of the Consulting-Specifying Engineer editorial advisory board.
Jeremy Taylor is an electrical engineer at CH2M. He has more than 10 years of experience as an electrical engineer in a wide array of projects including multiple mission critical facilities, ranging from small 50-kW generator retrofits to 15-MW data centers.